Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
Host is up (0.11s latency).
Not shown: 65510 closed tcp ports (conn-refused)
PORT      STATE SERVICE
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
5985/tcp  open  wsman
9389/tcp  open  adws
47001/tcp open  winrm
49664/tcp open  unknown
...
Nmap done: 1 IP address (1 host up) scanned in 2141.22 seconds

kali@kali:~$ sudo iptables -vn -L
Chain INPUT (policy ACCEPT 67996 packets, 6253K bytes)
 pkts bytes target     prot opt in     out     source               destination
68724 2749K ACCEPT     all  --  *      *       192.168.50.149       0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 67923 packets, 7606K bytes)
 pkts bytes target     prot opt in     out     source               destination
68807 4127K ACCEPT     all  --  *      *       0.0.0.0/0            192.168.50.149
Listing 57 - Using iptables to monitor nmap traffic for a port scan on ALL TCP ports
A similar local port scan explicitly probing all 65535 ports generated about 4 MB of traffic, a
significantly higher amount. However, this full port scan has discovered more ports than the
default TCP scan found.
Our results imply that a full Nmap scan of a class C network (254 hosts) would result in sending
over 1000 MB of traffic to the network. Ideally, a full TCP and UDP port scan of every single target
machine would provide the most accurate information about exposed network services. However,
we clearly need to balance any traffic restrictions (such as a slow uplink) with discovering
additional open ports and services via a more exhaustive scan. This is especially true for larger
networks, such as a class A or B network assessment.
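The traffic figures above come from reading the iptables byte counters before and after a scan. The following script is an added example, not PWK course code: it parses the counter columns that `iptables -vn -L` prints, expands the K/M/G suffixes, and sums the bytes sent to and received from one target, using a constructed copy of Listing 57 as input. The target address is the one from the listing; everything else is assumed for the example.

```python
"""Parse `iptables -vn -L` counter output to measure scan traffic toward one host.

Added example, not part of the PWK course material. It reads the counter
columns (pkts, bytes, target, prot, opt, in, out, source, destination) that
`iptables -vn -L` prints for every rule, expands the K/M/G suffixes, and sums
the bytes that left for and came back from a chosen target, which is what the
ACCEPT rules in Listing 57 were set up to count. SAMPLE_IPTABLES is a
constructed copy of that listing.
"""
import re

SAMPLE_IPTABLES = """\
Chain INPUT (policy ACCEPT 67996 packets, 6253K bytes)
 pkts bytes target     prot opt in     out     source               destination
68724 2749K ACCEPT     all  --  *      *       192.168.50.149       0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 67923 packets, 7606K bytes)
 pkts bytes target     prot opt in     out     source               destination
68807 4127K ACCEPT     all  --  *      *       0.0.0.0/0            192.168.50.149
"""

# iptables abbreviates counters in decimal thousands unless run with -x (--exact).
_SUFFIX = {"": 1, "K": 1_000, "M": 1_000_000, "G": 1_000_000_000, "T": 1_000_000_000_000}

_CHAIN_RE = re.compile(r"^Chain (\S+)")
_RULE_RE = re.compile(
    r"^\s*(\d+)([KMGT]?)\s+(\d+)([KMGT]?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"
)


def _expand(num, suffix):
    """Turn '2749' + 'K' into 2749000."""
    return int(num) * _SUFFIX[suffix]


def parse_counters(text):
    """Return one dict per rule line, tagged with the chain it belongs to."""
    rules, chain = [], None
    for line in text.splitlines():
        m = _CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        m = _RULE_RE.match(line)
        if not m or chain is None:
            continue  # column header lines and blank lines
        pk, pks, by, bys, target, prot, opt, iface_in, iface_out, src, dst = m.groups()
        rules.append({
            "chain": chain, "pkts": _expand(pk, pks), "bytes": _expand(by, bys),
            "target": target, "prot": prot, "opt": opt, "in": iface_in, "out": iface_out,
            "source": src, "destination": dst,
        })
    return rules


def scan_traffic(text, target_ip):
    """(bytes sent to target_ip, bytes received from target_ip) from the counters.

    OUTPUT rules whose destination is the target count the outbound scan
    traffic; INPUT rules whose source is the target count the replies.
    """
    sent = received = 0
    for r in parse_counters(text):
        if r["chain"] == "OUTPUT" and r["destination"] == target_ip:
            sent += r["bytes"]
        elif r["chain"] == "INPUT" and r["source"] == target_ip:
            received += r["bytes"]
    return sent, received


if __name__ == "__main__":
    sent, received = scan_traffic(SAMPLE_IPTABLES, "192.168.50.149")
    print(f"sent {sent / 1e6:.1f} MB, received {received / 1e6:.1f} MB")
```

To measure a single scan rather than everything since the rules were added, zero the counters with `sudo iptables -Z` before starting Nmap, and use `iptables -vnx -L` if you want exact byte counts instead of the rounded K/M values the parser expands.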
There are modern port scanners like MASSCAN[257] and RustScan[258] that, although faster than
Nmap, generate a substantial amount of concurrent traffic. Nmap, on the other hand, imposes some
traffic rate limiting that results in less bandwidth congestion and more covert behavior.

[257] (OffSec, 2023), https://tools.kali.org/information-gathering/masscan
[258] (RustScan, 2022), https://rustscan.github.io/RustScan/
Having learned about Nmap's basic use, we'll now explore some of Nmap's various scanning
techniques, beginning with Stealth / SYN Scanning.
The most popular Nmap scanning technique is SYN, or "stealth" scanning.[259] There are many
benefits to using a SYN scan and as such, it is the default scan option used when no scan option
is specified in an nmap command and the user has the required raw socket privileges.
SYN scanning is a TCP port scanning method that involves sending SYN packets to various ports
on a target machine without completing a TCP handshake. If a TCP port is open, a SYN-ACK
should be sent back from the target machine, informing us that the port is open. At this point, the
port scanner does not bother to send the final ACK to complete the three-way handshake.
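The half-open handshake just described is also what makes a SYN scan visible to a network sensor: many SYN/ACKs that are never answered with a final ACK. The script below is an added example, not PWK course code. It replays a constructed packet trace through the handshake states (SYN sent, SYN/ACK received, completed, reset) and reports clients that leave handshakes incomplete across several ports, alongside what the target's own replies reveal about each port. The record layout, the client addresses and the threshold are assumptions; the target address is the one from Listing 57.

```python
"""Passive detector for half-open (SYN) scans over a constructed packet trace.

Added example, not PWK course code. It replays the handshake the text
describes: a client SYN, the server's SYN/ACK (open) or RST (closed), and then
either the client's final ACK (a real connection) or nothing / a RST (a scan
probe). A client that leaves many handshakes incomplete across distinct ports
is reported. The record layout (src, sport, dst, dport, flags), the client
addresses and the threshold are assumptions made for the example.
"""
from collections import defaultdict

# Constructed trace, in order. 10.0.0.5 probes four ports on 192.168.50.149
# (the target address from Listing 57) and never completes a handshake;
# 10.0.0.9 is a normal client that finishes the three-way handshake on 445.
SAMPLE_PACKETS = [
    ("10.0.0.5", 40001, "192.168.50.149", 53, "S"),
    ("192.168.50.149", 53, "10.0.0.5", 40001, "SA"),   # 53 open
    ("10.0.0.5", 40001, "192.168.50.149", 53, "R"),    # scanner tears down instead of ACK
    ("10.0.0.5", 40002, "192.168.50.149", 88, "S"),
    ("192.168.50.149", 88, "10.0.0.5", 40002, "SA"),   # 88 open
    ("10.0.0.5", 40002, "192.168.50.149", 88, "R"),
    ("10.0.0.5", 40003, "192.168.50.149", 80, "S"),
    ("192.168.50.149", 80, "10.0.0.5", 40003, "RA"),   # 80 closed: target answers RST/ACK
    ("10.0.0.5", 40004, "192.168.50.149", 445, "S"),
    ("192.168.50.149", 445, "10.0.0.5", 40004, "SA"),  # 445 open, left half-open
    ("10.0.0.9", 50001, "192.168.50.149", 445, "S"),
    ("192.168.50.149", 445, "10.0.0.9", 50001, "SA"),
    ("10.0.0.9", 50001, "192.168.50.149", 445, "A"),   # legitimate client completes
]


def track_handshakes(packets):
    """Replay packets; return {(client, cport, server, sport): state}.

    States: syn_sent (SYN seen, no answer yet), syn_ack (server answered
    SYN/ACK, still half-open), established (client sent the final ACK),
    closed (server answered RST) and aborted (client sent RST after SYN/ACK).
    """
    state = {}
    for src, sport, dst, dport, flags in packets:
        f = set(flags)
        if f == {"S"}:                          # new connection attempt from a client
            state[(src, sport, dst, dport)] = "syn_sent"
            continue
        server_key = (dst, dport, src, sport)   # reply from the server to a known client?
        if server_key in state:
            if {"S", "A"} <= f:
                state[server_key] = "syn_ack"
            elif "R" in f:
                state[server_key] = "closed"
            continue
        client_key = (src, sport, dst, dport)   # follow-up from the client after SYN/ACK?
        if state.get(client_key) == "syn_ack":
            if "R" in f:
                state[client_key] = "aborted"
            elif "A" in f:
                state[client_key] = "established"
    return state


def incomplete_handshakes(packets):
    """Per client, the (server, port) pairs it probed without completing a handshake."""
    probed = defaultdict(set)
    for (client, _cport, server, sport), st in track_handshakes(packets).items():
        if st != "established":
            probed[client].add((server, sport))
    return probed


def find_syn_scanners(packets, min_ports=3):
    """Clients with at least min_ports incomplete handshakes to distinct ports."""
    return {
        client: sorted(port for _server, port in pairs)
        for client, pairs in incomplete_handshakes(packets).items()
        if len(pairs) >= min_ports
    }


def observed_port_states(packets, server):
    """What the sensor learns about `server` from its own replies: port -> open/closed."""
    result = {}
    for (_c, _cp, srv, sport), st in track_handshakes(packets).items():
        if srv != server:
            continue
        if st in ("syn_ack", "established", "aborted"):
            result[sport] = "open"       # a SYN/ACK came back, so the port is listening
        elif st == "closed":
            result[sport] = "closed"     # the target answered the SYN with RST
    return result


if __name__ == "__main__":
    print("probable SYN scanners:", find_syn_scanners(SAMPLE_PACKETS))
    print("ports seen on target:", observed_port_states(SAMPLE_PACKETS, "192.168.50.149"))
```

The state machine keys each attempt by the client's ephemeral port, so a scanner that sends a RST after the SYN/ACK (as the scanning host's kernel normally does, since no socket is waiting for that reply) is counted the same as one that stays silent; only a final ACK marks a real connection. On a production sensor the threshold and time window would be tuned to the environment, and the same logic applies to flow records that carry TCP flags.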
kali@kali:~$